NEW PfSense for new LAN setup



  • I am new here.

    We are a 20 users business with half
    on MacBook Pro and Wintel machines.

    We do mostly photo editing and
    movies.

    Currently the users store their files
    local drive and connect bus Asus
    Router to share files via Synology
    18xx NAS.

    We want to build Pfsense w/SNORT
    connecting to a server and users
    LAN segments.

    I ike to poll from anyone who has
    similar built for 1GB WAN up/down
    link.

    There's also plan to bring in Microsoft
    Server 2012 r2 and will have AD DS,
    file server, Sharepoint and SQL.

    Pfsense Machine

    Intel i3 3120T processor
    16 GB non ECC modules
    Supermicro X10SLV-O ITX
    Intel i340-T4 E1G44HT Ethernet Server PCIe
    Silverstone 450w PSU
    Silverstone Silverstone Tek Case SG05BB-LITE



  • looks like overkill, but should work. Unless you already have the parts, why not go 4-8core atom with ecc instead and save on utilities.



  • @messerchmidt:

    looks like overkill, but should work. Unless you already have the parts, why not go 4-8core atom with ecc instead and save on utilities.

    Atom C2758 or C2558 should be fine.



  • Thanks for the replies! :)

    Yes I already have Intel ethernet server PCIe card
    and a few of compatible 16 GB RAM non ECC
    modules.

    Q - Will ECC memory modules with a ITX server
    Motherboard "better" for the small office setup?

    Q - I am still deciding if I should go for i3 3120T or
    Pentium G3450T. Your thoughts?

    I need to go for SNORT and will need the
    1Gb WAN and inter-LAN routing between
    coming file servers to users' LAN.

    I have not got the motherboard but thought
    Supermicro a good choice, I was initially
    going for a cheap MSI B81 ITX board.

    I did review Supermicro C2758/2550/2558
    SOC motherboard but thought the 2.4Ghz
    CPU speed won't make the LAN-LAN/WAN
    1Gbps routing. Moreover I already have the
    Intel Ethernet Server card.

    For security and simple setup I chose to keep
    this PFsense on dedicated physical machine
    and not on virtualize machine.

    I read lots have success with their PFsense
    virtualized but the idea of it connected to WAN
    seems insecure. Moreover we don't have the in
    house skills to support virtualization or even VPN
    access hence the simplification.

    Q - Given above are we (non IT people) short
    changing ourselves? Our priority was security
    and keep things simple for room to grow.

    Appreciate your time and candid comments.


Log in to reply